Adobe Releases Emergency Security Update for Acrobat Reader

Adobe recently issued a critical security update for Acrobat Reader to address a vulnerability, identified as CVE-2026-34621, that has been actively exploited in zero-day attacks since December. The flaw enables malicious PDF files to circumvent sandbox restrictions and utilize privileged JavaScript APIs, potentially leading to arbitrary code execution. The exploit observed in attacks allows for the unauthorized reading and extraction of arbitrary files without the need for user interaction beyond opening the malicious PDF.

More specifically, the exploit leverages APIs like util.readFileIntoStream() to access local files and RSS.addFeed() to exfiltrate data and fetch additional attacker-controlled code.

The vulnerability was uncovered by Haifei Li, the founder of the EXPMON exploit detection system, following the submission of a PDF sample named “yummy_adobe_exploit_uwu.pdf” for analysis. Li’s investigation was prompted by the activation of the system’s “detection in depth” feature, which is a specialized detection capability developed specifically for Adobe Reader.

Security researcher Gi7w0rm detected attacks in the wild utilizing Russian-language documents with oil and gas industry lures. Upon receiving Li’s report, Adobe promptly issued a security bulletin over the weekend, assigning the vulnerability the CVE-2026-34621 identifier.

Initially rated as critical with a network attack vector, Adobe later revised the severity to 8.6 after reclassifying the vector as local. The impacted products include various versions of Acrobat DC, Acrobat Reader DC, and Acrobat 2024 for Windows and macOS.

Adobe recommends users update their software through the ‘Help > Check for Updates’ option or download the latest Acrobat Reader installer from the official Adobe software portal. The bulletin did not provide any workarounds or mitigations, emphasizing the importance of applying the security updates as the primary preventive measure.

It is crucial for users to exercise caution when handling PDF files from unknown sources and consider opening them in sandboxed environments when suspicious.

Automated pentesting validates security controls, while BAS determines their effectiveness. This whitepaper explores six validation surfaces, highlights coverage limitations, and offers three essential questions for evaluating security tools.

Get Your Copy Now